Behavioral task
behavioral1
Sample
3293d4bd5ca1a2fa1f2136b8c428e1f0a7f6a834168f26f2bcb98e26899ec77d.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
3293d4bd5ca1a2fa1f2136b8c428e1f0a7f6a834168f26f2bcb98e26899ec77d.exe
Resource
win10v2004-20231222-en
General
-
Target
3293d4bd5ca1a2fa1f2136b8c428e1f0a7f6a834168f26f2bcb98e26899ec77d.exe
-
Size
26KB
-
MD5
52db41e11da9c1a57e6de0cc158741a5
-
SHA1
0d3f62aa2a53a5bc2e1dceab63f0990375a786c5
-
SHA256
b4ee7d5e6719bc4744182d197f6541dbf3548cdaa8e16d4947c52f7a41be4389
-
SHA512
9b8eff2a4b00d2b87899db2f74e0aced19867285154b318b32b4d81ef5ecdae3b30199a5ff0abb414db74ee7e3114487b93fc16461a997aa58530e3fdb68cd9b
-
SSDEEP
384:qYenjLLAps4T5lBavzb/xlhKOVp91QZb5hxDGJ:5OElB6sc9GZbXxD+
Malware Config
Signatures
-
Chaos Ransomware 1 IoCs
resource yara_rule sample family_chaos -
Chaos family
-
Detects command variations typically used by ransomware 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_GENRansomware -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3293d4bd5ca1a2fa1f2136b8c428e1f0a7f6a834168f26f2bcb98e26899ec77d.exe
Files
-
3293d4bd5ca1a2fa1f2136b8c428e1f0a7f6a834168f26f2bcb98e26899ec77d.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ